This entry is part 10 of 10 in the series Intrusion DetectionThis article summarizes and analyzes discussion from two different articles on the subjects of DNS Rebinding and the use of contextual signatures with Intrusion Detection Systems. DNS Rebinding is type of attack that was first documented in the mid 1990s. Since then it has become more prevalent through vulnerabilities inherent …

This entry is part 9 of 10 in the series Intrusion DetectionDenial of Service (Dos) and Distributed Denial of Service (DDoS) attacks have continued to prove to be one of the most challenging threats in modern times. While DoS has been around for some time, the methods used and practices of distributed botnets and automated scripts have continued to grow …

This entry is part 8 of 10 in the series Intrusion DetectionBluetooth connectivity has grown immensely in popularity with mobile devices in the last number of years. The convenience factor of being able to have a hands-free experience with a mobile phone while driving or out and about has fueled this growth. Unfortunately, like all conveniences there are typically downsides. …

This entry is part 7 of 10 in the series Intrusion DetectionThe use of mobile devices including policies and employee restrictions should be considered in any modern network security architecture. Mobile devices are used commonly both at home and at work with some organizations managing BYOD (Bring your Own Device) policies. It is therefore important to consider the implications of …

This entry is part 6 of 10 in the series Intrusion DetectionA covert storage channel occurs when illegitimate hidden information or data is sent secretly via a legitimate communication channel. The process occurs through the manipulation of communications medium in an unconventional way in order to transmit data that is unseen in everyday operations. Thyer (2008). An example of a …

This entry is part 4 of 10 in the series Intrusion DetectionSyn Flood or Denial of Service Attack Syn Flood attacks, often referred to as Denial of Service Attacks are caused through exploitation of the TCP protocol. The attacker sends a large number of TCP/SYN packets using a forged address. Because of this, the destination server is unable to successfully …

This entry is part 3 of 10 in the series Intrusion DetectionWiFi is commonly used both within organizations and in the general public. In recent years attackers have discovered ways to lure victims by using rogue access points. These are essentially wireless access points that have been installed in a network without authorization. In some cases these may have been …

This entry is part 2 of 10 in the series Intrusion DetectionWireshark is a software application for protocol and network traffic analysis, also known as a network sniffer. The application can be downloaded for free at https://www.wireshark.org/#download. I downloaded Wireshark from the url and selected the macOS 10.6 .dmg file. I was able to successfully mount the download image and run …

This entry is part 1 of 10 in the series Intrusion DetectionSo it’s that time of year again where I decided to enroll in another Cybersecurity class at UMUC. I will be posting snippets from the class over the next few weeks. This week TCP Congestion Control was one of the topics I was looking at and so this post …